Re: [nottingham] Win2K, Samba PDC and firewall

From: Matthew Sackman (matthew@sackman.co.uk)
Date: Sat 16 Mar 2002 - 11:10:54 GMT


On Sat, Mar 16, 2002 at 10:06:53AM +0000, Graeme Fowler wrote:
> Put very simply, you need to allow ports 135 137 138 and 139 at the very
> least (TCP and UDP, ISTR) to allow basic Windows networking to work. You
> might also need TCP port 1040, but that seems to vary depending on what
> additional widgets are running (Exchange for example).
>
> Run:
>
> [root@server /root]# netstat -anp
> <snip>
> tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 8609/smbd
> udp 0 0 192.168.7.254:137 0.0.0.0:* 8618/nmbd
> udp 0 0 0.0.0.0:137 0.0.0.0:* 8618/nmbd
> udp 0 0 192.168.7.254:138 0.0.0.0:* 8618/nmbd
> udp 0 0 0.0.0.0:138 0.0.0.0:* 8618/nmbd
>
> and there you have it, but mine is a very basic setup. Thinking about it,
> port 135 was Win9x specific, but I could be wrong. It might also be opened
> as a PTP link at some point.

Running the same command shows that 139 is not binding to the broadcast
address:
tcp 0 0 192.168.1.100:139 0.0.0.0:* LISTEN 368/smbd
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 368/smbd
udp 0 0 192.168.1.100:137 0.0.0.0:* 366/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 366/nmbd
udp 0 0 192.168.1.100:138 0.0.0.0:* 366/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 366/nmbd

OTOH, because I have four IPs aliased to this machine, I have specific
interfaces listed in smb.conf:

interfaces = 192.168.1.100 127.0.0.1
bind interfaces only = yes

Hmm. Having read the smb.conf man page again for bind interfaces only, I guess it does make
this clear. Didn't read it properly last time, I suspect.

> The broadcast address in Windows networking is extremely important, as
> it's the way the different servers/workstations advertise their presence
> into the 'Network Neighborhood'.

Explains a few error messages I was getting then!
 
> Of course, you did have a look in the Samba source code, right? ;-)

Um, yeah. I did... honest. ;-)

One other thing: I will need to share a locally connected printer off one of the
win2K boxes (I can't share it off the server as it'll be too far away physically).
I guess this shouldn't be a problem but can anyone think of any problems that might
arise with this? Samba shouldn't have to be told about it, the printer should just
appear off the win2k box that it's attached to, right?

Thanks for your help.

Matthew

-- 

Matthew Sackman Nottingham England

BOFH Excuse Board: Computers under water due to SYN flooding.
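
An added example, not part of the original message: a small Python check that reads `netstat -anp` output like that quoted above and lists sockets on the NetBIOS ports that are bound to the wildcard address or to an address outside the smb.conf `interfaces` list. The sample text is the output from the message; the function names and the allowed-address argument are assumptions of this example.

```python
import ipaddress

# Ports named in the thread for basic Windows networking
NETBIOS_PORTS = {135, 137, 138, 139}

# Sample input: the netstat -anp lines quoted in the message above
SAMPLE = """\
tcp 0 0 192.168.1.100:139 0.0.0.0:* LISTEN 368/smbd
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 368/smbd
udp 0 0 192.168.1.100:137 0.0.0.0:* 366/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 366/nmbd
udp 0 0 192.168.1.100:138 0.0.0.0:* 366/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 366/nmbd
"""

def parse_sockets(text):
    """Yield (proto, ip, port, program) for each IPv4 tcp/udp line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue  # headers, <snip>, tcp6/udp6, unix sockets
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # Last column is PID/program; it is "-" when not run as root
        program = fields[-1].partition("/")[2] or "?"
        yield fields[0], addr, int(port), program

def audit(text, allowed):
    """Return NetBIOS-port sockets bound outside the allowed addresses."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for proto, addr, port, program in parse_sockets(text):
        if port not in NETBIOS_PORTS:
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified:  # 0.0.0.0: accepts traffic on every interface
            findings.append((proto, port, program, "wildcard"))
        elif ip not in allowed:
            findings.append((proto, port, program, f"unexpected {ip}"))
    return findings

if __name__ == "__main__":
    # Allowed list mirrors the smb.conf "interfaces" line in the message
    for finding in audit(SAMPLE, ["192.168.1.100", "127.0.0.1"]):
        print(finding)
```

On the sample, smbd passes while nmbd's 0.0.0.0 sockets on UDP 137 and 138 are reported, so on those ports it is the firewall rules rather than the bind address that limit which interfaces can reach the service.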


